Merge "Give media.metrics service access to uid/pkg info" into oc-mr1-dev
diff --git a/private/adbd.te b/private/adbd.te
index d28b836..47a6cbd 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -65,9 +65,14 @@
 # Run /system/bin/bu
 allow adbd system_file:file rx_file_perms;
 
-# Use screencap
-domain_auto_trans(adbd, screencap_exec, screencap)
-allow adbd screencap:process signal;
+# Perform binder IPC to surfaceflinger (screencap)
+# XXX Run screencap in a separate domain?
+binder_use(adbd)
+binder_call(adbd, surfaceflinger)
+# b/13188914
+allow adbd gpu_device:chr_file rw_file_perms;
+allow adbd ion_device:chr_file rw_file_perms;
+r_dir_file(adbd, system_file)
 
 # Needed for various screenshots
 hal_client_domain(adbd, hal_graphics_allocator)
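Review bot: The added `allow adbd gpu_device:chr_file rw_file_perms;` and `allow adbd ion_device:chr_file rw_file_perms;`, together with `binder_use(adbd)` and `binder_call(adbd, surfaceflinger)`, put the screenshot access into the adbd domain itself, where the removed lines used `domain_auto_trans` into a dedicated screencap domain. adbd is a long-running daemon that talks to the host, so read-write access to the GPU and ion device nodes widens what a compromised adbd can reach; the in-line `# XXX Run screencap in a separate domain?` already asks this question. The same least-privilege concern applies to the `gpu_device` grant added in public/dumpstate.te. If the grants have to stay, I would replace the bare `# b/13188914` with a comment that says what needs them, e.g. `# screencap runs in the adbd domain and needs GPU/ion buffers (b/13188914)`, and add a line explaining why `r_dir_file(adbd, system_file)` is required.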
@@ -134,5 +139,5 @@
 # No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
 # transitions to the shell domain (except when it crashes). In particular, we
 # never want to see a transition from adbd to su (aka "adb root")
-neverallow adbd { domain -crash_dump -shell -screencap }:process transition;
+neverallow adbd { domain -crash_dump -shell }:process transition;
 neverallow adbd { domain userdebug_or_eng(`-su') }:process dyntransition;
diff --git a/private/app.te b/private/app.te
index 068f095..9251ed9 100644
--- a/private/app.te
+++ b/private/app.te
@@ -409,9 +409,7 @@
 # sigchld allowed for parent death notification.
 # signull allowed for kill(pid, 0) existence test.
 # All others prohibited.
-neverallow { appdomain -shell } { domain -appdomain }:process
-    { sigkill sigstop signal };
-neverallow shell { domain -appdomain -screencap }:process
+neverallow appdomain { domain -appdomain }:process
     { sigkill sigstop signal };
 
 # Transition to a non-app domain.
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index a517b96..9e1eb97 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -31,6 +31,4 @@
 ;;     Thus, these types are also not mapped, but recorded for checkapi tests
 (typeattribute priv_objects)
 (typeattributeset priv_objects
-     ( adbd_tmpfs
-       screencap
-       screencap_exec ))
+     ( adbd_tmpfs ))
diff --git a/private/dumpstate.te b/private/dumpstate.te
index a2f4e25..0fe2adf 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -24,7 +24,3 @@
 
 # Collect metrics on boot time created by init
 get_prop(dumpstate, boottime_prop)
-
-# Use screencap
-domain_auto_trans(dumpstate, screencap_exec, screencap)
-allow dumpstate screencap:process signal;
diff --git a/private/file_contexts b/private/file_contexts
index 8804352..5369758 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -212,7 +212,6 @@
 /system/bin/mediametrics	u:object_r:mediametrics_exec:s0
 /system/bin/cameraserver	u:object_r:cameraserver_exec:s0
 /system/bin/mediaextractor	u:object_r:mediaextractor_exec:s0
-/system/bin/screencap	u:object_r:screencap_exec:s0
 /system/bin/mdnsd	u:object_r:mdnsd_exec:s0
 /system/bin/installd	u:object_r:installd_exec:s0
 /system/bin/otapreopt_chroot   u:object_r:otapreopt_chroot_exec:s0
diff --git a/private/screencap.te b/private/screencap.te
deleted file mode 100644
index 579373a..0000000
--- a/private/screencap.te
+++ /dev/null
@@ -1,26 +0,0 @@
-type screencap, domain;
-type screencap_exec, exec_type, file_type;
-
-typeattribute screencap coredomain;
-
-allow screencap gpu_device:chr_file rw_file_perms;
-allow screencap ion_device:chr_file rw_file_perms;
-
-allow screencap adbd:fifo_file write;
-allow screencap adbd:fd use;
-allow screencap adbd:unix_stream_socket { read write };
-
-allow screencap shell_data_file:file write;
-allow screencap shell:fd use;
-allow screencap shell:unix_stream_socket { read write };
-
-allow screencap dumpstate:fd use;
-allow screencap dumpstate:unix_stream_socket { read write };
-
-binder_use(screencap)
-binder_call(screencap, surfaceflinger)
-allow screencap surfaceflinger_service:service_manager find;
-allow screencap surfaceflinger:fd use;
-
-hwbinder_use(screencap)
-hal_client_domain(screencap, hal_graphics_allocator)
diff --git a/private/shell.te b/private/shell.te
index 095dc43..5299532 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -26,7 +26,3 @@
 # Perform SELinux access checks, needed for CTS
 selinux_check_access(shell)
 selinux_check_context(shell)
-
-# Use screencap
-domain_auto_trans(shell, screencap_exec, screencap)
-allow shell screencap:process signal;
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 7184fbc..b33035e 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -21,7 +21,6 @@
 binder_call(surfaceflinger, binderservicedomain)
 binder_call(surfaceflinger, appdomain)
 binder_call(surfaceflinger, bootanim)
-binder_call(surfaceflinger, screencap)
 binder_service(surfaceflinger)
 
 # Binder IPC to bu, presently runs in adbd domain.
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 3e97731..f6d6a0a 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -142,6 +142,9 @@
 allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
 allow dumpstate bluetooth_logs_data_file:file r_file_perms;
 
+# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
+allow dumpstate gpu_device:chr_file rw_file_perms;
+
 # logd access
 read_logd(dumpstate)
 control_logd(dumpstate)
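Review bot: The added `allow dumpstate gpu_device:chr_file rw_file_perms;` covers only one of the accesses that the deleted private/screencap.te granted for taking a screenshot. That file also allowed `ion_device:chr_file rw_file_perms`, `binder_call(screencap, surfaceflinger)`, the `surfaceflinger_service` find and `hal_client_domain(screencap, hal_graphics_allocator)`. With `domain_auto_trans(dumpstate, screencap_exec, screencap)` removed in private/dumpstate.te, screencap presumably runs in the dumpstate domain, so it is worth confirming that dumpstate already holds the remaining permissions elsewhere in the policy (not visible in this hunk); otherwise bugreport screenshots would fail with avc denials. Since this is public policy and the grant is read-write, the comment could state the scope more precisely, e.g. `# screencap runs in the dumpstate domain for bugreport screenshots; needs rw on the GPU device node`.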
diff --git a/public/file.te b/public/file.te
index 72f22fe..bcdc461 100644
--- a/public/file.te
+++ b/public/file.te
@@ -324,6 +324,7 @@
 
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;
+allow cgroup tmpfs:filesystem associate;
 allow sysfs_type sysfs:filesystem associate;
 allow debugfs_type { debugfs debugfs_tracing }:filesystem associate;
 allow file_type labeledfs:filesystem associate;
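Review bot: The added `allow cgroup tmpfs:filesystem associate;` has no comment, and unlike its neighbours it names a single type rather than an attribute, so a reader cannot tell why cgroup-labelled objects need to live on tmpfs. Presumably it is for cgroup mount points or directories created on a tmpfs-backed filesystem. If so, say that above the rule, e.g. `# cgroup-labelled mount points are created on tmpfs`, with a bug reference if one exists. The list of associate rules continues outside the hunk.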
diff --git a/public/lmkd.te b/public/lmkd.te
index f4e6c2d..208720c 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -27,6 +27,9 @@
 # Clean up old cgroups
 allow lmkd cgroup:dir { remove_name rmdir };
 
+# Allow to read memcg stats
+allow lmkd cgroup:file r_file_perms;
+
 # Set self to SCHED_FIFO
 allow lmkd self:capability sys_nice;